FAQ - SDK upgrade 2026
TABLE OF CONTENTS
- General FAQ
- Why is Entrust pushing for an SDK update?
- Why are Apple and Google requirements also driving this update?
- What happens if I don’t upgrade the SDK?
- Which customers are impacted?
- What are the key deadlines?
- What are my upgrade options?
- How to request an SDK upgrade?
- What concrete actions are required from the customer?
- CA certificate change
- Apple Mandate
- Why is an SDK upgrade required due to the Apple Xcode 26 mandate?
- Who is impacted by the Apple Xcode 26 mandate?
- What happens if I do not upgrade the SDK?
- What is the key deadline for the Apple Xcode 26 mandate?
- Is a patch available instead of a full SDK upgrade for Xcode 26 compliance?
- Is this mandate driven by Entrust?
- Google Mandate
- Why is an SDK upgrade required following the Google Unified Push Provisioning (UPP) mandate?
- What happens if I don’t upgrade the SDK?
- Which customers are impacted by the Google Unified Push Provisioning mandate?
- What are the key deadlines for the Google Unified Push Provisioning mandate?
- Is a patch available instead of a full upgrade?
- What SDK versions are ready today?
- Is this mandate driven by Entrust?
- Specific action required during your Entrust project
General FAQ
Why is Entrust pushing for an SDK update?
Because the SDK must be updated to renew certificates, align with industry security standards, and avoid service disruption ahead of the June 26, 2026 deadline.
Why are Apple and Google requirements also driving this update?
Because newer SDK versions incorporate mandatory Apple and Google updates (security, certificate handling, and upcoming wallet requirements) that are not supported on older SDK releases.
What happens if I don’t upgrade the SDK?
Depending on your use case:
- SDKs without the new CA certificate will stop functioning after June 26, 2026
- Apple apps cannot be published or updated if not built with Xcode 26 after April 28, 2026
- Push provisioning to Google Wallet will no longer work with deprecated APIs after October 2026
Which customers are impacted?
| Impact / Requirement | Full SDK (Native & Bridge) | Light SDK | Web API |
|---|---|---|---|
| CA Certificate Change | ✅ | ❌ | ❌ |
| Apple Xcode 26 | ✅ | ✅ | ❌ |
| Google UPP | ✅ | ✅ | ❌ |
What are the key deadlines?
- April 28, 2026: Apple blocks app submissions not built with Xcode 26
- June 26, 2026: SDKs without the new CA certificate will cease functioning
- October 2026: All Google Push implementations must migrate to Unified API
What are my upgrade options?
Entrust offers two upgrade approaches, either support‑led or via a dedicated project, depending on your needs.
For both approaches, you may either deploy a patch (if your current SDK version supports it) or upgrade to a newer SDK version where required.
How to request an SDK upgrade?
To request an SDK upgrade, open a FreshDesk support ticket (link here) and select:
- “Project Integration” if you have an open project with Entrust, or
- “Support Run” if you do not have an active project.
In the ticket, please:
- Specify the issuer name.
- Specify your current SDK version for each OS (iOS or Android).
- Indicate, for each OS, whether you prefer:
  - a patch on your current version, and/or
  - an upgrade to a newer SDK version.
By default, the latest SDK version will be provided.
What concrete actions are required from the customer?
- Upgrade the SDK (either via a patch on the current version or by upgrading to a new version).
- Upgrade the mobile application(s).
- Publish the updated mobile application(s).
- Require end users to update their mobile application(s).
CA certificate change
Why is Entrust changing the DCS CA certificate?
We recognize that this is an unplanned update, but it is necessary due to difficulties with our current certificate provider. This update ensures that the Mobile SDK is not tied to this single provider, making the system more resilient and helping to prevent this issue from happening again.
Are all Entrust customers impacted by this CA certificate change?
No.
The CA certificate change only applies to customers using the Entrust Full DCS SDK.
Customers not using the Full SDK (Light SDK / API / Web Services integration only) are not impacted.
| Integration Type | Impacted | Action Required |
|---|---|---|
| Full DCS SDK | ✅ Yes | Upgrade SDK (mandatory) |
| React Native SDK | ✅ Yes | Upgrade SDK (mandatory) |
| Cordova SDK | ✅ Yes | Upgrade SDK (mandatory) |
| Light SDK | ❌ No | None |
| DCS APIs only (server‑to‑server) | ❌ No | None |
| Web Services only | ❌ No | None |
| No Entrust mobile SDK | ❌ No | None |
What happens if an SDK customer does not upgrade?
After the communicated deadline, all SDK-based features will stop working. Customers may no longer be able to provision, update, or use cards and credentials depending on the impacted feature.
How can a customer determine whether they are impacted by the CA certificate change?
A customer is impacted only if they have the Entrust Full mobile SDK deployed (including frameworks built on the Full SDK).
If the customer does not use the Full SDK, there is no impact from the CA certificate change.
Apple Mandate
Why is an SDK upgrade required due to the Apple Xcode 26 mandate?
Apple requires that all iOS applications submitted to the App Store be built using Xcode 26 or later. Applications built with earlier Xcode versions will no longer be accepted for publication or updates.
To remain compliant with this Apple requirement, Entrust has updated its iOS SDK to support Xcode 26, making an SDK upgrade necessary for impacted customers.
Who is impacted by the Apple Xcode 26 mandate?
You are impacted if you:
- Use the Entrust iOS SDK (Full or Light SDK, Native or Bridge)
- Need to publish a new iOS application or update an existing one on the Apple App Store
Customers who do not publish or update an iOS application are not immediately impacted, but future updates will require compliance.
What happens if I do not upgrade the SDK?
If your application is not built with Xcode 26:
- Apple will block app submissions and updates on the App Store
- You will be unable to deploy new versions of your iOS application, including fixes or enhancements
This restriction is enforced by Apple and is outside of Entrust’s control.
What is the key deadline for the Apple Xcode 26 mandate?
- April 28, 2026: Apple will block the submission or update of iOS applications not built with Xcode 26 or later
Is a patch available instead of a full SDK upgrade for Xcode 26 compliance?
Yes. A patch is available upon request to enable Xcode 26 compatibility on specific SDK versions. However, Entrust recommends upgrading to a recent SDK version where possible to ensure full compliance and alignment with other mandatory changes.
Is this mandate driven by Entrust?
No. The Xcode 26 requirement is mandated by Apple. Entrust’s SDK upgrade ensures continued compatibility with Apple App Store submission requirements and prevents disruption to iOS application lifecycle management.
Google Mandate
Why is an SDK upgrade required following the Google Unified Push Provisioning (UPP) mandate?
Google is deprecating its legacy Push Provisioning APIs and now requires Unified Push Provisioning (UPP) to add cards to Google Wallet. Support for UPP is implemented only in newer Entrust SDK versions. Older SDKs use the deprecated Google APIs and cannot support UPP.
As a result, customers using Push to Google Wallet must upgrade their Entrust SDK to remain compliant and avoid service disruption when the legacy APIs are deprecated.
What happens if I don’t upgrade the SDK?
Push provisioning to Google Wallet will no longer work with deprecated APIs after October 2026.
Which customers are impacted by the Google Unified Push Provisioning mandate?
You are impacted if you use Push to Google Wallet with Full or Light SDK (Native or Bridge).
Note: Independently of the Entrust SDK upgrade, you may still need to coordinate directly with Google to complete any required actions on the Google portal (for example, PGP key exchange).
A dedicated project is highly recommended, as it is a new Google Pay service.
What are the key deadlines for the Google Unified Push Provisioning mandate?
- Starting in 2026: All new projects must be implemented using Google’s Unified Push Provisioning (UPP) API.
- October 2026: All existing Google Push Provisioning implementations must migrate to the UPP API to avoid service disruption.
Is a patch available instead of a full upgrade?
No.
For compliance with the Google Unified Push Provisioning (UPP) mandate, a minimum SDK version of 2.8.1 is required. This change cannot be delivered via a patch, as support for Google UPP is implemented only in newer SDK versions.
What SDK versions are ready today?
- Native SDK 2.8.1
- Bridge SDK 2.8.1
Is this mandate driven by Entrust?
No. The requirement for the Android SDK is mandated by Google.
Entrust’s SDK upgrade ensures continued compatibility with the new requirements of the Google Push Provisioning APIs and prevents disruption to Android application lifecycle management.
Specific action required during your Entrust project
- Contact Google to migrate the implementation from Legacy Push to UPP.
- Proceed with the key exchange between Entrust and Google, if required by Google:
  - Open a FreshDesk support ticket with Entrust.
  - Entrust will generate and send a key to the customer.
  - The customer must upload this key to the Google portal.
  - Google will generate a corresponding key, which must be sent back to Entrust to complete the exchange.